[lwip-devel] Bug in SNTP POLL mode?

[Esa Hill]

Hello,

There is few issues with SNTP. It propably should not handle SNTP frames (in POLL mode) if it has not requested time update?

 

This because in current code, while in POLL mode waiting INTERVAL to send new request, a "reply" (without request) is received and timers are stopped:

sntp_recv:
  /* packet received: stop retry timeout  */
  sys_untimeout(sntp_try_next_server, NULL);
  sys_untimeout(sntp_request, NULL);

 

- If the frame has sender address which is not "sntp_last_server_address", SNTP will use err code ERR_TIMEOUT and does not resume timers   => Time update request is never sent.
  /* packet from wrong remote address or port, wait for correct response */
  err = ERR_TIMEOUT;

  
- Same result as above, but with frame where MODE has been modified from SERVER to BROADCAST.
         LWIP_DEBUGF(SNTP_DEBUG_WARN, ("sntp_recv: Invalid mode in response: %"U16_F"\n", (u16_t)mode));
        /* wait for correct response */
        err = ERR_TIMEOUT;
 
- Third issue is that if you send too short SNTP frame, it will use error code ERR_ARG and calls sntp_retry. This could be used to make LwIP SNTP clients send too fast new request to the real SNTP server.

Also when we are expecting a reply, it should be made sure that in case of invalid reply, we either resume timers and wait for proper reply or restart timers to make sure we poll again.

I actually couldn't get too short frame in so I was not able to reproduce the last one, but by looking the code this could happen. First two can be easily reproduced by sending a modified frame.

 

br,

Esa Hill